pf eates syn packet?
max at love2party.net
Thu Aug 2 15:14:25 UTC 2007
On Thursday 02 August 2007, Frank Behrens wrote:
> Frank Behrens <frank at pinky.sax.de> wrote on 2 Aug 2007 13:29:
> > Aug 2 13:17:26 <kern.crit> moon kernel: pf: state insert failed:
> > tree_ext_gwy lan: 188.8.131.52:50517 gwy: 184.108.40.206:50517 ext:
> > 220.127.116.11:80
> The new pf(4) from
> on FreeBSD 6.2-STABLE-200708021147 i386 shows the same problem. :-(
> Is this a problem for pf(4) on FreeBSD or should the report be sent to
Can you follow up with the complete pf.conf you are using? The "state
insert failed" error suggests a logic problem in your config (or a missed
PF_TAG_GENERATED somewhere). It seems that the same packet is run
through the firewall twice, generating state on the first run, but not
matching it on the second ... somehow strange.
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20070802/a862629b/attachment.pgp
More information about the freebsd-pf